Geo blocking address command query

Umesh · ‎04-16-2024

Dear All.

I have doubt why we configure -

config firewall address
edit "test-reserved
set country zz
end

thank you.

AEK · ‎04-16-2024

Hi Umesh

If you specify IN and ZZ as source address then both public IP addresses from India and local IP addresses will be allowed.

AEK

View solution in original post

AEK · ‎04-16-2024

Hi Umesh

When you create this ZZ GeoIP address and use it in a firewall policy it means the address must be local (not public) in order to match, like 192.168.x.x, 172.16.x.x, 10.x.x.x and so.

AEK

Umesh · ‎04-16-2024

Hi AEK,

let suppose I have to allow only India address. Can I mention in the policy.

Source address - Geo-India and reserved location - country zz.

Thanks

AEK · ‎04-16-2024

Hi Umesh

If you specify IN and ZZ as source address then both public IP addresses from India and local IP addresses will be allowed.

AEK

hbac · ‎04-16-2024

Hi @Umesh,

Below is an example of a geography address object for India.

config firewall address
edit "India"
set type geography
set country "IN"
next
end

Regards,